I have a certificate bought from godaddy and it needs to be installed in our nodejs server.I have the below code written. This was working earlier but we recently renewed the certificate and replaced the old certificates with the renewed certificate and certificate private key file in the specified folder. But the certificate information is not getting reflected in the website. The expiry date for old certificate was june-20,2018.Will it not reflect till the old one gets expired?
var options = {
key: fs.readFileSync('certificate/mssp.tcs.com.key'),
cert: fs.readFileSync('certificate/mssp.tcs.com.crt'),
ca: [fs.readFileSync('certificate/mssp.tcs.comi.crt')]
};
var server = app.listen(8001, function () {
console.log('%s listening at %s', server.name, server.url);
console.log("server Started");
});
https.createServer(options,app).listen('443 ');
The way you are importing the certificate and key is correct. So I think your issue is probably caused by pointing to the old files or existing process using old certificates. In this situation I suggest:
Double check certificate/mssp.tcs.com.* files to ensure all of them are really pointing to the renewed files. Sometimes we have symbolic links to restricted folders and a simple copy might fail without correct privileges.
Once you ensure that new files are in place. Make sure you kill the older process that might be running. You can achieve that by a ps -ef | grep node on linux servers and then kill it by PID. Just be careful to stop the correct application. Once you stop the old process, you should get a 'Not Found' if you access your web application through a browser.
Ensuring you have new files in place and that old process is not running anymore, start your node process. Your certificates should be updated :)
Finally, I would also suggest you to review the server which is running on port 8001 without https. Just make sure you need that or remove it. A simple code to run HTTPS can be like that:
'use strict';
var express = require('express'),
fs = require('fs'),
https = require('https');
var httpPort = 443;
var app = express();
var options = {
key: fs.readFileSync('privkey.pem'),
cert: fs.readFileSync('cert.pem')
};
app.set('port', httpPort);
app.use(express.static(path.join(__dirname, '/public')));
https.createServer(options, app).listen(httpPort, function(){
console.log('Listening at ' + httpPort);
});
Related
I'm going insane trying to get a super basic wss:// functioning in NodeJS for the last 2 days. I've tried quite a few methods and libraries but I can't seem to get the websocket server attached to an https instance. I have no problem leveraging regular old http and attaching it to that instance. I don't get any errors in my debug console.
I've created both self-style type certs (Create Key + CA, create CSR,
sign it, use new server cert), and (Create Key + self-signed Cert,
use them).
I've tried disabling TLS verification via env var:
NODE_TLS_REJECT_UNAUTHORIZED="0"
I've tried both ws, and websocket libraries and many different combos
of basic ws creation vs server attaching methods.
I've built a VM of Ubuntu 21.04, installed dependencies and vscode
just to rule out my OS. Same issue here.
Tried using node versions 14 + 16.
:Package Deps:
"websocket": "^1.0.34",
"ws": "^8.0.0"
:server.js:
const fs = require('fs');
const WebSocket = require('ws');
//HTTPS
const https = require('https');
const server = new https.createServer({
key: fs.readFileSync('./config/certs/key.pem'),
cert: fs.readFileSync('./config/certs/cert.pem')
});
//HTTP
// const http = require('http');
// const server = new http.createServer();
const wss = new WebSocket.Server({server});
wss.on('connection', function connection(ws) {
ws.on('message', function incoming(message) {
console.log('received: %s', message);
ws.send('hello from server!, the time is: ' + timestamp());
});
});
//Helper function to create a timestamp
function timestamp() {
return (new Date)
.toISOString()
.replace(/z|t/gi, ' ')
.trim()
};
//Start the server
server.listen(3000);
I'm suspecting some underlying compatibility issues between node and dependencies or something...Any advice would be much appreciated. I'm not too familiar with debugging internal modules so if there are some command line switches I should add to node/nodemon please let me know. I have --inspect and --trace-warnings enabled at the very least.
I just figured it out and as usual it was something simple and overlooked. I've been using Firefox with the Weasel client add-on to test websockets. I had imported my self-signed cert along with the root CA cert I had created into Firefox. Even though it was imported, I still had to navigate to the HTTPS url and acknowledge the wonderful yellow border popup. As soon as I clicked on "Accept risk and continue" I tabbed over to Weasel and it established a connection to wss://localhost:3000 with no problems.
Even though the cert is whitelisted I still receive the warning page and have to acknowledge it. Next time I'll try a different client like one built in another language (Python, .NET...). Never would have thought it to be a browser issue but it makes sense with the way ssl/tls works.
My expressjs+Socket.io server runs on a Raspberry Pi. When trying to connect to the express, there is a http+https incompatibility that Firebase doesn't seem to like. Tells me to use Https instead. When using Https, I get Certificate errors. So I went and bought myself a brand new SSL certificate from my domain provider and... on my local machine, where I accidentally installed the certificate, everything works fine, but on my laptop or mobile, when I go to the website, it says "(net::ERR_CERT_COMMON_NAME_INVALID)". I am not sure what to do, since many resources online cover only how to bypass this problem on their machine, without fixing the problem for everyone.
Server.js
var app = require("express")();
var https = require("https");
var fs = require("fs");
var server = https.createServer(
{
key: fs.readFileSync('./sslkey.key'),
cert: fs.readFileSync('./sslcert.crt'),
ca: fs.readFileSync('./sslca.ca-bundle'),
},
app
);
var io = require("socket.io")(server);
io.on("connection", function(socket) {
console.log("User connected");
})
server.listen(4444, function() {
console.log("listening on *:4444");
});
I also use Socket.io with Angular and I couldn't find a way to disable "rejectUnauthorized", as many suggested to skip the SSL check.
Any help?
I have a website "https://m.abc.com", when I tried to open this website then my website is working fine and I am able to see green lock on address bar, but when I try to open "https://m.abc.com:9090" (where my node server application is running) then I am getting one warning "your connection is not private.. attackers might be trying to steal your information from m.abc.com. NET::ERR_CERT_AUTHORITY_INVALID " with red warning sign on address bar. How can I get rid of this warning? And one more thing this is happening randomly on few android mobile only not on iPhone. And on Desktop site I am not getting any warning.
here is the sample code that is writtten in nodejs for https server:
var appPort = 9090;
var fs = require('fs');
var https = require('https');
var options = {
key: fs.readFileSync('/etc/httpd/sslcert/abc.key'),
cert: fs.readFileSync('/etc/httpd/sslcert/abc_com.crt')
};
server = https.createServer(options, app).listen(appPort, function() {
console.log('HTTPS Server listening at port %d', appPort);
});
I've been playing around with the Cloud9 IDE and am having a great time with it. However, I'm trying to setup a simple https server with node js and I can't seem to get it to work. When I run the page, Cloud9 says 'Running Node Process' but when I visit the url that the server is supposed to respond to: https://workspace.user.c9.io the page says
Service Temporarily Unavailable
The server you are trying to contact is down either because it was stopped or is unable to service your request due to maintenance downtime or capacity problems. Please try again later.
node-web-proxy/0.4 Server at project-livec9f70a01ca28.rhcloud.com Port 8000
I created a test certificate with OPENSSL and am using the following code to set up my server. I can confirm that the OPENSSL certificate was built correctly.
var https = require("https");
var fs = require("fs");
var url = require("url");
var options = {
key: fs.readFileSync('certs/cert.pem'),
cert: fs.readFileSync('certs/cert.pem')
};
// create a server
https.createServer(options, function(req, res) {
console.log("This works!");
res.writeHead(200);
res.end("Hello world from Cloud9! Url:"+req.url);
}).listen(process.env.PORT);
Thank you for your help!
you need .listen(process.env.PORT,process.env.IP);
It should say that when you start a program.
I'm trying to write a reverse proxy in node.js using express, and it works fine for http requests. The problem is that when requesting https it never responds, and the browser states that the proxy refused to connect.
Here is the working code for http requests:
var app = express(),
http=require('http');
app.configure(function(){ /* express stuff to log and use routes and the like */ });
http.createServer(app).listen(8000, function(){
console.log("Express server listening on port " + 8000);
});
app.all('*', proxy);
var request=require('request');
var proxy=function(req,resp){
var data={
url:req.url,
headers: {
'Connection': 'keep-alive'
}
}
var proxy=request(req.url);
proxy.pipe(resp);
}
Now, as for SSL, i am currently trying with:
var https=require('https'),
fs=require('fs');
https.createServer({
key: fs.readFileSync(__dirname+'/ssl/server.key', 'utf8'),
cert: fs.readFileSync(__dirname+'/ssl/server.crt', 'utf8')
},app).listen(8001, function(){
console.log("Express server listening on port " + 8001);
});
The proxy can be used from anywhere requiring 50.56.195.215:8000 for HTTP and 50.56.195.215:8001 for SSL. It has no security whasoever, so don't log in to anything important =D
I'm using a self signed SSL Certificate, and i guess it's kind of silly of me to try to do such a thing, but i don't have any ideas left :P
My suggestion is use the great existing library node-http-proxy from Nodejitsu. If you want to write your own, at least study their source code academically.
Some notes on your approach above:
You aren't handling HTTP methods other than GET (POST, PUT, DELETE, etc). These exist. You must handle them if you want your proxy to actually work. Every time you call request(req.url), request is making a GET request by default.
For HTTPS, you need to be able to handle HTTP Connects and also impersonate the destination server. You will need to have a Certificate for this.
You can try using this.
https://github.com/noeltimothy/noelsproxy
Copy the directory "magical" that contains a certificate as well as a key and then use noelsproxy. Remember to add the ca.pem to your trusted root store on your system.
If you are using windows, do this:
certutil -addstore -enterprise -f \"Root\" ./magical/ca.pem
Let me know if you have any issues. I'm willing to fix them immediately.